From febd308aa8f208006b6559409b03194822258023 Mon Sep 17 00:00:00 2001 From: Kadigan Date: Thu, 13 Feb 2020 19:35:26 +0100 Subject: [PATCH] Update NAT reflection (hairpinning, loopback etc.).md --- .../NAT reflection (hairpinning, loopback etc.).md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/NAT reflection (hairpinning, loopback etc.).md b/Documentation/NAT reflection (hairpinning, loopback etc.).md index 242f250..ba2a37a 100644 --- a/Documentation/NAT reflection (hairpinning, loopback etc.).md +++ b/Documentation/NAT reflection (hairpinning, loopback etc.).md @@ -13,10 +13,10 @@ What you have to do is make sure your router redirects requests from _inside_ y ------------------------------------------ If you happen to be running `iptables` however, here's a line to get you started: -`iptables -t nat -A PREROUTING -i ! YOUR-WAN-INTERFACE -s LAN-NETWORK -d PUBLIC-IP -p tcp --dport PORT -j DNAT --to-destination LAN-SERVER-ADDRES` +`iptables -t nat -A PREROUTING ! -i YOUR-WAN-INTERFACE -s LAN-NETWORK -d PUBLIC-IP -p tcp --dport PORT -j DNAT --to-destination LAN-SERVER-ADDRES` Explanation: -- `-i ! YOUR-WAN-INTERFACE` is there to make sure you don't accidentally include traffic from the Internet - the traffic we want to modify is handled within the router itself (and also, it never hurts to prevent spoofing) +- `! -i YOUR-WAN-INTERFACE` is there to make sure you don't accidentally include traffic from the Internet - the traffic we want to modify is handled within the router itself (and also, it never hurts to prevent spoofing) - `-s LAN-NETWORK` defines your LAN's network pool - for example `-s 10.0.0.0/8` - this is to make sure you're only affecting traffic originating from your local LAN - `-d PUBLIC-IP` line tells it to look for traffic that has a _destination_ of your public IP address - `--dport PORT` is the port you wish to affect, and 
@@ -24,4 +24,4 @@ Explanation: So, to summarize, **"All traffic that comes in NOT via WAN but comes from LAN, and is destined for the PUBLIC IP and PORT, redirect to internal LAN IP of the server"**. -I hope this helps some. \ No newline at end of file +I hope this helps some.
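Review bot: In the first hunk, the added `iptables` line still ends with the misspelled placeholder `LAN-SERVER-ADDRES`; since that line is being rewritten anyway, change it to `LAN-SERVER-ADDRESS` so it reads as an intentional placeholder. The move from `-i ! YOUR-WAN-INTERFACE` to `! -i YOUR-WAN-INTERFACE` is applied consistently in both the command and its explanation bullet, and it matches the summary sentence ("comes in NOT via WAN"). The commit subject only names the file; saying that it corrects the position of the `!` negation would make the change easier to find in the history.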